Eset Firewall vs Windows Firewall?

Is the Windows Firewall really weak? I know that it doesn't block outgoing traffic, but if you have the Antivirus which makes sure that there are no viruses in your computer, is there any thing to worry about?

This is about deciding to get the Nod32 or Smart Security.

 

I wouldn't call windows firewall really weak, you can use it safely if you're behind a firewall router, I do that quite often. ESET's firewall is obviously superior to windows, and allows more flexibility and control over apps.

I wouldn't trust windows firewall if I wasn't behind a firewalled router.

 

I am behind a hardware router, but how do I know if it's a "firewall router"?

 

Most routers have some firewall/filtering features. If you post your brand and model we could probably be more specific. You can also get into the router's configuration menu and to see what options are available.

 

Can you clarify something? Are you speaking of NAT (which most every router for home users have) or are you speaking of the firewall features themselves of routers?

Older routers used NAT, and had options for using others firewalls. One of my older linksys routers had an option if I was using ZoneAlarm to enable some special features. All my newer routers have settings for firewalls and usually have SPI options as well.

To me it seems NAT is what keeps you safe, not necessarily the firewall portion. Any info you have that I should be needing to know?

Sul.

 

Stem's tests (see post by Ronjor) is quite positive about the windows firewall if I recall correctly. You may have to make changes/customize if you use a network or go wireless.

But the Windows firewall has the disadvantage of offering no outbound control whatsoever. You may want basic outbound control for 'legitimate' programs (like Adobe software trying to phone home). It might even block some malware programs trying to initiate outbound connections.

I have no information about the quality of Eset's firewall.

 

If you want some outbound control and some intrusion detection then the eset firewall would work well. Personally i've used the windows firewall for years with no problems. For years i connected directly to the internet using an internal adsl pci modem with only the windows firewall protecting me. As far as i know my system was never compromised. Funnily enough just the other day i was trying to decide the same thing, eset smart security or just the antivirus. In the end i just went for the av, i couldn't justify spending that extra money for the suite when the windows firewall is sufficient for me and i can handle spam fine myself.

 

My idea was that if there was some malicious program that wants outbound connection, wouldn't NOD32 catch it? That was Microsoft's response with Onecare, that the firewall wouldn't have to worry about outbound since AV will catch any malicious programs that wants to communicate with the outside.

On a slightly different topic, does Nod32 still have the best heuristics of all consumer AVs in the world? And is it still the fastest interms of system resources taken up (cpu, ram etc...) by real-time protection? (not on demand scan. This is both for the AV and the suite.

 

Don't change the topic, not the place to debate that. Anywhere you do I can assure you will start a flame war. People are very defensive of their Anti-Virus program these days. Use what AV you want not what others want you to use, at the end of the day they all do a great job at defending your computer.

NAT and onwards, yes. I say that because it would take the "brunk" of the filtering, leaving the rest up to a nice lightweight firewall such as windows or eset's.

I personally have machines with both the suite and just the av+windows firewall. It depends how much control you want. But I will always always recommend a NAT or above router as a must.

 

btw remember that the firewall in vista does have outbound protection.
If Stem has the time I hope he can create a guide for the vista/windows 7 firewall and all the major options including the advanced userinterface.

 

I should have mentioned that, windows 7 firewall looks amazing. My only gripe would be that it might become a popular tool and thereby targeted by hackers looking for exploits, a.k.a. a victim of it's own success.

 

Maybe you did not understand my question? Or maybe I did not understand your initial post. Most every home router utilizes NAT. Years ago, an option within the router for anything labeled 'firewall' was absent. Then, as I noted, some had an option for firewall (or av) if you had a software firewall they worked with. My example was an old linksys that could somehow utilize zonealarm.

Anyway, new routers have usually an SPI feature, a few options for a 'firewall', which I take it to be a software *nix firewall in the router firmware, and more recently Antispoofing of some kind.

So, were you initially talking of a router 'firewall', or using a router with a firewall on the pc? Do you have facts of some kind that a router 'firewall' can have some advantage over NAT or software firewall? Again, I only ask because maybe you have some info that I might like to know.

Just wondering anyway.

Sul.

 

Very well said, ive come to this conclusion many years ago but not many ppl speak about it.

 

But how sustainable is that way of thinking?

Basically, if you choose a product and like it, if it were to become popular you would have to abandon it for one that, whatever other features it may have, is much more obscure. Of course, if the new one really is a good product, it may then become popular as well...

 

Excellent point!

Far be it from me to stick up for MS but the fact is that a top notch firewall in Windows7 will be like a red rag to a bull for every hacker out there.It'll receive 50 times the attention of any other firewall on the market.

 

As a fairly un-knowledgeable computer guy, I would greatly appreciate such a guide!

I started to tinker with the settings, but abandoned it because the terms were a bit confusing. Basically, I would like to be able to block everything at once, and allow only those few items which require access. Where I become confused are the Microsoft services...of course...

Bob

 

Every setup can be different with what filtering is required. If you are set up behind a router on an home LAN then the windows firewall will do what you want and do it well.
If you connect directly to the Internet or connecting to an untrusted LAN, then other considerations for filtering may be required.


- Stem

 

I dont have either of those OS currently installed.

I will find some time later in the week to install Vista, then I will start a thread/guide about its firewall.


- Stem

 

Looking forward to it, thank you in advance

 

A guide to Windows Firewall Outbound packet filtering would be great I have tried to set that up but when I create my outbound rules for internet explorer's iexplore.exe and other apps that use the interent I lose all connectivity as soon as I set outbound to block.
I had assumed when outbound was set to block it meant block all except for "outbound allow" rules but it just seems to block everything.

 

If you're using Vista or 7, Windows Firewall is more than enough to protect you from phishing and hackers.
If you want more control, you can install a nifty little app called 'Vista Firewall Control' by Sphinx Software that gives you more options and control over the built-in firewall.

If you're planning to use a security suite and/or using XP, ESET might be a better choice, since it's firewall also protects from outbound connections.

But in all honesty, if I were you I would just buy the AV and buy a separate firewall program. There are better options for firewall programs out in the market. Some are even free

 

Well yes I know about those third party firewall controller aps for Vista's firewall, I havent gone that way yet simply because I dont want to admit defeat lol

I would usually have no problem with the act of creating firewall rules without being prompted by "this application is trying to access the internet" messeges.
I set up firewalls long before user friendly applications like zone alarm even existed on the market and in fact back then there was no application based packet filtering in any firewall. The whole deal had to be managed at the port level.
After examining the Vista firewall it seems a shame that so many people just want to dismiss it out of hand, it appears to be an extremely capabable firewall, well thought out and has some very advanced settings you just wouldnt find on the average commercial software firewall, and I would like to be able to use it.
I also dont intend to use a third party firewall except as a last resort becuase I have yet to see one that even comes close to the having the capabilities of the Vista firewall and simply because I dont believe any third party firewall could integrate as well into the operating system as Vista's one does and also becuase I feel like its a waste of disk space and money to buy another firewall when Vista already has one.

What I have beeen trying to do is use the firewalls packet filtering to block all outbound traffic and create rules to allow each internet application, I admit I am having proplems doing this right now but, If I can manage to acheive this properly I'm going to start a new thread for Vista Firewall rules, as the hardest part is finding which program's files are the actual ones needing internet access especially for things like Windows Update.

 

Well I hate replying to my own posts but I have still been working on setting up the Vista firewall, and for anyone attempting to set up Outbound packet Filtering in Vista's firewall and has Eset NOD antivirus you may find this little discovery of mine quite interesting, and hopefully, useful.

After much frustration messing with the settings in the firewall all to no avail I was staring at it on the screen, it just happend to be on the programs and services section of one of the unworking rules I had made, when it suddenly dawned on me the reason my outbound firewall rules were not working and leaving me with zero connectivity on Internet Explorer and Yahoo Messenger is becuase I had forgotten all about Eset Antivirus local proxy service.
This is the service that allows Eset NOD Antivirus to monitor website traffic and other Internet activity and prevent them downloading virus code.

The end result of this is, if you are using Eset NOD antivirus, some, if not most, regular internet applications such as IE, email programs, messengers etc. Use it's local proxy service to access the internet.

What this means in practice is, you only need to create one outbound rule in Vista's firewall to allow all the programs that are registered in Eset antivirus, as internet applications, access to the internet.
The rule is for Eset and you create it like this:

Go to Outbound rules, create new rule, choose rule for program, in the box enter:

%ProgramFiles%\ESET\ESET NOD32 Antivirus\ekrn.exe

then click the settings button below that to specify the service for which this applies and choose "apply to services only." (I believe this makes it so no other processes can hijack this firewall rule)
It must be possible to restrict this further to only the services required, but this may mean the creation of more than one rule as I believe more than one service is used.

Finish the creation of the rule, with the regular settings and you can then go to the firewall properties dialogue and set outbound to block on whichever profile you are using or all three of them, you should now find internet explorer and whichever other programs are registered in ESET NOD 32 as internet applications have internet access. While other programs are blocked from accessing the internet, thereby protecting your computer from trojan activity and other phone, home type malware.

One thing worth remembering though, is by doing this you are opening a hole in the firewall for any application registered as a web application in Eset to gain access to the internet so it is worth checking the "web browsers" setting in the ESET NOD 32 advanced setup tree, to see exactly what is being allowed through. I am still contemplating on whether or not Esets local proxy service is actually detrimental to computer security or not, it seems like it creates rather a large hole really as there is several applications registered in my Eset antivirus as web apps which I dont remember assigning so it makes me wonder, does Eset NOD 32 antivirus just add any applications that want http type access to that list, carte blanche without any user interaction ? If it does you can see where that leads.

Obviously further rules have to be created for other programs that do not use Eset NOD 32's local proxy service, and further rules may also need to be created for some of the programs that do, for features they have that dont use the the ESET NOD proxy. Yahoo messenger may well be one of these, I havent got that far yet though.

I would imagine a similar approach would be required for computers running some other antivirus products which also use a local proxy service to protect internet applications from downloading virus code, like Avast for one.

 

Hello,

Just to let you know I have now set up Vista/ made all needed updates on actual hardware.

I have gone through the basics, but that leads to a lower level of security on the windows services which are controlled by internal hardening rules. For example. If you where to change the policy of outbound to a "block all not allowed by rules" then you would simply block yourself from all internet as the only firewall rules in place for outbound are to allow outbound IGMP and some ICMP, there is a rule there for the DNS client, but for windows updates, well, a policy "block all not allowed by rules" would, with the default rules, also block all windows updates.

Creating rules for such as a browser is easily done, but creating a rule to allow the services host to make outbound for windows updates will cause a warning from vista concerning the windows hardening rules. So it will take some time to check and double check any consequences of adding any firewall rule, and a need to dig deeper into the group policies.


- Stem